NiksOS/system/server/derek-site.nix

{
  config,
  pkgs,
  lib,
  ...
}: let
  name = "derek-site";
  cfg = config.niksos.server.${name}.enable;

  userGroup = name;
  gitRepo = "https://github.com/Definitely-Not-A-Dolphin/Geen-Dolfijn";

  inherit (lib) getExe mkEnableOption mkIf;
  bash = getExe pkgs.bash;

  varLib = "/var/lib/";
  mainDir = "${varLib}${userGroup}";
  programDir = "${mainDir}/program";
  denoDir = "${mainDir}/deno";

  path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.gnugrep pkgs.findutils pkgs.deno pkgs.git pkgs.nodejs]);
  runScript = pkgs.writeShellScriptBin "geen-dolfijn" ''
    export PATH='${path}'
    set -a
    . ${config.age.secrets.${userGroup}.path}
    set +a

    cd ${programDir}
    deno run preview --host --port 9010
  '';
in {
  options.niksos.server.${name}.enable = mkEnableOption name;

  config = mkIf cfg {
    services.caddy.virtualHosts."geen-dolfijn.nl".extraConfig = ''
      reverse_proxy http://127.0.0.1:9010
    '';
    systemd.services.${userGroup} = {
      enable = true;
      after = ["network.target"];
      wantedBy = ["default.target"];
      description = userGroup;

      environment = {
        "DENO_DIR" = denoDir;
        "PATH" = lib.mkForce path;
      };

      preStart = ''
        export PATH=${path}
        set -a
        . ${config.age.secrets.${userGroup}.path}
        set +a

        cd "${mainDir}"
        chown -R ${userGroup}:${userGroup} ${mainDir}/* || echo

        if [ ! -d "${programDir}" ]; then
          git clone "${gitRepo}" "${programDir}"
        fi
        chmod -R 750 ${mainDir}/* || echo

        cd "${programDir}"
        git fetch
        git reset --hard origin/HEAD
        rm -rf build || echo no build here lol

        DENO_DIR=${denoDir} deno i --allow-scripts=npm:workerd,npm:sharp
        DENO_DIR=${denoDir} deno run build || echo oopsie woopsie error
      '';

      serviceConfig = {
        StateDirectory = userGroup;
        ExecStart = getExe runScript;
        User = userGroup;
        Group = userGroup;
        Restart = "always";
      };
    };

    users.groups.${userGroup} = {};
    users.users.${userGroup} = {
      group = userGroup;
      isNormalUser = true;
    };
  };
}